1. Responsible body and data protection officer
Thank you for your interest in our range of information.
Your privacy as a data subject and your right to “informational self-determination” are very important to us. We process your personal data in accordance with the EU General Data Protection Regulation (EU -DS-GVO) and the Federal Data Protection Act (BDSG).
Responsible body within the meaning of the GDPR is:
DiWa Import Services (Germany)
85567 Grafing b. Muenchen
Phone: +49 8092 868 0897
Data protection officer:
Please address all requests for information, requests for information or objections to data processing to this address:
DiWa Import Services (Germany)
85567 Grafing b. Muenchen
Phone: +49 8092 868 0897
We take the protection of your personal data very seriously. Personal data is any information relating to an identified or identifiable natural person (hereinafter „data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person.
2. Legal bases for the processing of your personal data
We process your personal data in accordance with specific purposes in connection with your expressions of interest in our offers, to initiate contractual or quasi-contractual business relationships, to offer products and services, to maintain business contacts and to comply with processing regulations under tax law and commercial law and others relevant laws and regulations.
In this sense, if necessary, we also monitor changes in intended purposes – e.g. B. in the context of advertising activities (direct marketing) – as long as these do not contradict your right to informational self-determination or you do not revoke your consent to this processing of your personal data.
The legal bases for the processing of your personal data result in particular from Art. 6 EU-DSGVO.
Personal data is largely collected and processed directly from those affected via our website – especially if you actively use the online forms yourself. This happens e.g. B. when using the contact form or subscribing to the online newsletter.
Processing of special categories of personal data i. S.v. Art. 9 paragraph 1 EU-DSGVO, for example, when registering for events, applications or attending further training events, only takes place if this is necessary on the basis of your consent or due to legal regulations and there is no reason to assume that your legitimate interest in the exclusion processing prevails, Art. 88 Para. 1 EU-DSGVO.
3. Your rights as a data subject
The EU GDPR gives you, as the data subject, relevant rights when your personal data is processed by the responsible body, in particular:
Right to information (Article 15 EU GDPR)
You have the right to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right of appeal, request the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details;
Right to rectification (Art. 16 EU-DSGVO)
You have the right, in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or the completion of your personal data stored by us ;
Right to erasure (Article 17 EU GDPR)
You have the right under Article 17 GDPR to request the erasure of your personal data stored by us, provided that the processing for exercising the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Right to restriction of data processing (Art. 18 EU-DS-GVO)
You have the right, in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as You contest the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need them to assert, exercise or defend legal claims, or you object to the processing in accordance with Art. 21 GDPR inserted;
Right to data transferability (Art. 20 EU-DSGVO)
You have the right, according to Art. 20 GDPR, your personal data that you have provided to us in a structured, common and machine-readable format or request transmission to another controller;
Right to revoke your consent
You have the right, in accordance with Art. 7 Para. 3 GDPR, to revoke your consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future
Right to complain to a data protection supervisory authority
You have the right to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our headquarters, the Bavarian State Commissioner for Data Protection, contact
Right to object to data processing (Art. 21 EU-DS-GVO)
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit f GDPR are processed, you have the right to object to the processing of your personal data in accordance with Art. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to exercise your right of cancellation or objection, an email to the company data protection officer is sufficient: email@example.com.
4. For data protection in individual areas
Web platform data security
When you visit our website, we use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Our website at https://www.diwa-import.de is intended to make it easier for you to access our information and services.
We reserve the right to make changes or additions to the information provided at any time. When creating our pages, we carefully ensure that the information provided is correct, up-to-date, complete, understandable and available at all times. Service provider according to § 13 Telemedia Act (TMG) and responsible body according to Art. 4 No. 7 DSGVO is DiWa Import Services (Germany), Wiesham 1, 85567 Grafing b. Muenchen, Germany.
Collection and storage of personal data and type and purpose of their use:
a) When you visit the website
When you use our website, the browser used on your device automatically sends information to our website server . This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- IP address
- Date and time of request
- Time zone offset from Greenwich Mean Time (GMT)
- Request content (specific page)
- Access Status/HTTP Status Code
- Amount of data transferred in each case
- Web page from which the request comes
- Operating system and its interface
- Language and version of browser software.
The data mentioned will be processed by us for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability, and
- for further administrative purposes.
The legal basis for data processing is Article 6 Paragraph 1 Clause 1 Letter f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
b) Contact form
If you have any questions, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide your name and a valid e-mail address so that we know who sent the request and can answer it. Further information can be provided voluntarily.
The data processing for the purpose of contacting us takes place in accordance with Article 6 Paragraph 1 Sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
c) Registration for events
If you would like to register for one of our events, we offer you the opportunity to register using a form provided on the website to register. It is necessary to provide your name and a valid e-mail address as well as your address so that we know who submitted the registration and so that we can process it. Further information can be provided voluntarily.
Data processing for the purpose of registering for an event with us takes place in accordance with Article 6 (1) (b) GDPR. We will delete your personal data after the contract has been completed and the retention periods under tax and commercial law have expired.
As a rule, personal data is passed on exclusively for the purpose of order processing by external service companies, in particular for the purpose of sending the Lebenshilfe newspaper, the specialist journal Participation and the legal service to the respective customer or subscriber.
Your personal data will not be passed on to third parties for purposes other than those listed.
We will only pass on your personal data to third parties if:
- You have given your express consent to this in accordance with Art. 6 (1) sentence 1 lit. a GDPR
- the transfer according to Art. 6 Paragraph 1 S. 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,< /li>
- in the event that there is a legal obligation to pass on the data pursuant to Article 6 (1) sentence 1 lit. c GDPR, and
- this is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 (1) sentence 1 lit. b GDPR.
5. Technical background when processing personal data
- Transient cookies (temporary use)
- Persistent cookies (time-limited use)
- Third party cookies (from third parties)
- Flash cookies (permanent use; cannot be excluded by third parties).
Transient cookies are automatically deleted when you close your browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. You can configure your browser settings according to your wishes and e.g. B. refuse to accept third-party cookies or all cookies. However, we would like to point out that you may then not be able to use all the functions of this website.
The Flash cookies used are not recorded by your browser, but by your Flash plug-in. These store the necessary data regardless of the browser you use and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. B. „Better Privacy“ for Mozilla Firefox or Adobe Flash Killer cookie for Google Chrome.
This stored information is stored separately from any further data given to us. In particular, the data from the cookies are not linked to your other data.
b) Use of Google products:
The legal basis for the processing of the user’s personal data is the user’s consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR.
With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
- Google Fonts
- Google reCAPTCHA
- Integration of Google Maps
1. Google Fonts:
Our website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website was accessed via your IP address. The IP address of the browser of the end device of the visitor to this website is also stored by Google. If your browser does not support web fonts, a standard font will be used by your computer.
We use „Google reCAPTCHA“ (hereinafter „reCAPTCHA“) on this website. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data entry on this website (e.g. in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the website visitor spends on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of the data takes place on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
3. Integration of Google Maps:
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
- Framework for data transmission: https://policies.google.com/privacy/ frameworks
- EU Standard Contractual Clauses: https://privacy.google.com /businesses/controllerterms/mccs/
c) Transfer to third countries
When using cookies, data may be transferred to third countries – in particular the USA – for which there is no adequacy decision pursuant to Art. 45 Para. 3 GDPR and no suitable guarantees pursuant to Art. 46 GDPR exist. We would like to point out that data transmission without the existence of an adequacy decision and without suitable guarantees involves certain risks, about which we can inform you below:
US intelligence services use certain online identifiers (such as the IP address or unique identifiers) as a starting point for tracking individuals. In particular, it cannot be ruled out that these news services have already collected information about you, with the help of which the data transmitted here can be traced back to you.
Providers of electronic communication services headquartered in the USA are subject to US surveillance – Intelligence services under 50 U.S. Code § 1881a (“FISA 702”). According to this, providers of electronic communications services headquartered in the USA have the obligation to notify the US authorities in accordance with 50 U.S. Code § 1881a to make personal data available without you possibly being entitled to any means of redress. Even encrypting the data in the electronic communications service provider’s data centers cannot provide adequate protection because an electronic communications service provider has a direct obligation to access imported data in its possession, custody or control to grant or issue them. This obligation can expressly also extend to the cryptographic keys, without which the data cannot be read.
The fact that this is not just a „theoretical danger“ is shown by the judgment of the ECJ of July 16, 2020, C‑311/18.
The legal basis for the transfer of the user’s personal data to a third country is the user’s consent in accordance with Article 49 (1) (a) GDPR.
6. social media
We use different networks for our company appearances. When using some networks, personal data can be transferred to servers in the USA. In order to ensure suitable guarantees for the protection of the transmission and processing of personal data outside the EU, data is transmitted to and processed by the following on the basis of suitable guarantees according to Art. 46 ff DSGVO, in particular by the conclusion of so-called standard data protection clauses according to Art. 46 Paragraph 2 lit. c GDPR.
Facebook’s operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a person concerned lives outside the USA or Canada, the person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Every time one of the individual pages of this website is called up, which is operated by the person responsible for processing and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated causes the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook is informed which specific subpage of our website is visited by the person concerned.
If the person concerned is logged on to Facebook at the same time, Facebook recognizes which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned to the respective Facebook account of the person concerned by Facebook. If the person concerned clicks on one of the Facebook buttons integrated on our website, for example the „Like“ button, or if the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the person concerned and stores this personal data .
Facebook always receives information via the Facebook component that the person concerned has visited our website if the person concerned is logged in to Facebook at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook in this way, they can prevent the transmission by logging out of their Facebook account before accessing our website.
The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It is also explained there which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States
Our website uses plugins from the Google-operated YouTube site. The site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers will be established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
On our YouTube company page, we provide information and offer YouTube users the opportunity to communicate. If you carry out an action on our YouTube company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by the jointly responsible company YouTube, we cannot provide any binding information on the purpose and scope of the processing of your data.
Our corporate presence in social networks is used for communication and the exchange of information with (potential) customers. The publications about the company’s website can contain the following content:
- Information about products
- Information about services
- Customer contact
Every user is free to publish personal data through activities.
The legal basis for data processing is Art.6Abs.1S.1lit.aDSGVO.
The data generated by the company’s website is not stored in our own systems.
You can object to the processing of your personal data that we collect as part of your use of our YouTube corporate presence at any time and assert your rights as a data subject. To do this, send us an informal e-mail. You can find more information about the processing of your personal data by YouTube and the corresponding objection options here:
7. Updating and changing this data protection declaration
This data protection declaration is currently valid and has the status of October 2022.
Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website via this link.